Wednesday, January 30, 2019

With so many new technologies vying for attention, it can be difficult for CISOs to know which ones merit attention. Will this solution save time? Will it make our organization more productive, or enable us to do things we couldn’t otherwise do? These questions need to be considered before adopting Software-Defined Networking (SDN) and Network Functions Virtualization (NFV).

What makes these technologies appealing is their ability to separate software from hardware, which eschews the vendor lock-in that has been the norm. So then, the main question is not about budget but about an organization’s ability to overcome the challenges of these methods so organizations can realize their full value.

At the time enterprises, mobile operators and data centers began building their own network infrastructure, they used the typical customized hardware and software offered on the market. Example applications include network gateways, switches, routers, network load balancers, varied mobile applications in the mobile core; radio access network such as vEPC (virtual evolved packet core), vCPE (virtual customer premise equipment) and vRAN (virtual Radio Access Network); and security applications like firewalls, NGFW, IDS/IPS, SSL/IPsec offload appliances, DLP and antivirus applications, to name just a few.

Instead of needing to purchase proprietary appliances to run each networking application, it is much more cost-efficient to support these functions as software applications, called virtualized network functions (VNFs), running on virtual machines or in containers on standard servers. That’s the idea behind NFV. Moving away from discrete, cus¬tomized architectures to a more consolidated “x86-only architecture” promises to reduce costs, simplify deployment and management of net¬working infrastructure, widen supplier choice and, ultimately, enable horizontal scale-out in the networking and security market.

It’s not a sure bet that the throughput and latency demands that today’s applications require can be handled by applications in software on standard platforms without allotting significant CPU resources to address the issue. Operators are realizing that the cost savings that NFV promises are offset by the need to deploy entire racks of compute resources at a problem that a single appliance could previously support. The CPU and server costs, rack space and power required to meet the same performance footprint of a dedicated solution end up being as expensive as or more than custom-designed alternatives. The vision of operational simplicity and dramatically lower total cost of ownership are still a dream on the horizon.

Aaaand…Along Comes 5G

As if the performance and scaling problems that operators face with generic NFV infrastructure (NFVi) weren’t enough to worry about, the presence of 5G networks will make these concerns worse. The move to 5G brings new requirements to mobile networks, creating its own version of hyperscale networking that is needed to meet the performance goals for the technology, but at the right economy of scale. Numerous factors are fundamentally unique to 5G networks when compared to previous 3G/4G instantiations of mobile protocols. The shorter the distance, the higher the frequency – thus, the more bandwidth that can be driven over the wireless network.

But wait – it gets worse. 5G will also mean a huge increase in the number of users/devices (both human and IoT), which fundamentally affects the number of unique flows in the network and necessitates very low latency requirements. 5G also promises lower energy and cost than previous mobile technologies. These 5G goals, when realized, will drive the application of wireless communications to completely new areas never seen before.

Rapid Scaling

If they are going to meet performance goals, network operators now see that they will need data plane acceleration based on FPGA-based SmartNICs in order to scale virtualized networking functions (VNFs). This technique offloads the x86 processors that are hosting the varied VNFs to support the breadth of services promised.

When SmartNIC acceleration supports virtual switching, this set-up has been shown to be the highest-performing and most secure method of deploying VNFs. Virtual machines (VMs) can use accelerated packet I/O and guaranteed traffic isolation via hardware while maintaining vSwitch functionality. FPGA-based SmartNICs specialize in the match/action processing required for vSwitches and can offload critical security processing, freeing up CPU resources for VNF applications.

Functions like filtering, intelligent load balancing, virtual switching, flow classification and encryption/decryption can all be performed in the SmartNIC and offloaded from the x86 processor housing the VNFs while, through technologies like VirtIO, be transparent to the VNF, providing a common management and orchestration layer to the network fabric.

A Novel Configuration

Network infrastructure has changed so dramatically and so much more is being asked of it that
organizations cannot operate with networking and security solutions that are expensive, hardened and fixed-function. The technique to overcome the challenges that are facing NFV deployments requires reconfigurable computing platforms based on standard servers capable of offloading and accelerating compute-intensive workloads, either in an inline or look-aside model to appropriately distribute workloads between x86 general-purpose processors and software-reconfigurable, FPGA-based SmartNICs optimized for virtualized environments.

The environment that results from combining low-cost server platforms and FPGA-based SmartNICs is one that enables huge throughput and support for many millions of simultaneous flows. CISOs that have struggled to implement NFV now have the option to use this novel framework, with the capabilities and the speed they need.

About the author

Daniel Proch is VP of product management at Napatech and has over 20 years’ experience in the IT and networking industry. Prior to joining Napatech in 2017, Daniel was Sr. director of product management and solutions architecture at Netronome. Prior to that he was manager of network solutions and principal engineer, office of the CTO at Ericsson. He has an MS in Information Science/Telecommunications from the University of Pittsburgh and a BS in Mechanical Engineering from Carnegie Mellon University.